Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).

Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org> GH: #495, MR: #1435
2015-12-04 14:35:43 +00:00
parent f8137a62d9
commit ba67253db1
13 changed files with 245 additions and 7 deletions
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1490,6 +1490,11 @@
 #define NID_proxyCertInfo               663
 #define OBJ_proxyCertInfo               OBJ_id_pe,14L

+#define SN_tlsfeature           "tlsfeature"
+#define LN_tlsfeature           "TLS Feature"
+#define NID_tlsfeature          1020
+#define OBJ_tlsfeature          OBJ_id_pe,24L
+
 #define SN_id_qt_cps            "id-qt-cps"
 #define LN_id_qt_cps            "Policy Qualifier CPS"
 #define NID_id_qt_cps           164
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -217,6 +217,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
 DECLARE_STACK_OF(GENERAL_NAME)

 DECLARE_STACK_OF(ACCESS_DESCRIPTION)
@@ -561,6 +563,8 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);

+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
 DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
 DECLARE_ASN1_FUNCTIONS(POLICYINFO)
 DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
@@ -962,6 +966,7 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
 # define X509V3_F_V2I_POLICY_MAPPINGS                     145
 # define X509V3_F_V2I_SUBJECT_ALT                         154
+# define X509V3_F_V2I_TLS_FEATURE                         165
 # define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL          160
 # define X509V3_F_V3_GENERIC_EXTENSION                    116
 # define X509V3_F_X509V3_ADD1_I2D                         140